About: Worm.Win32.Adjunto.A@mm   Sponge Permalink

An Entity of Type : owl:Thing, within Data Space : 134.155.108.49:8890 associated with source dataset(s)

Once executed, the worm copies itself as:%Windir%\svchost.exe The worm creates the following registry entry so that it is executed every time Windows starts:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"svchost" = "%Windir%\svchost.exe" The worm then creates the following registry subkey and value:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\System7154\"GL" = "[DATE]" The worm opens a back door on the compromised computer on TCP port 7154. The worm displays a dialog box with one of the following texts: "No me olvido de ti" screen.zip * %Windir% * %ProgramFiles%

AttributesValues
rdfs:label
  • Worm.Win32.Adjunto.A@mm
rdfs:comment
  • Once executed, the worm copies itself as:%Windir%\svchost.exe The worm creates the following registry entry so that it is executed every time Windows starts:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"svchost" = "%Windir%\svchost.exe" The worm then creates the following registry subkey and value:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\System7154\"GL" = "[DATE]" The worm opens a back door on the compromised computer on TCP port 7154. The worm displays a dialog box with one of the following texts: "No me olvido de ti" screen.zip * %Windir% * %ProgramFiles%
dcterms:subject
dbkwik:malware/pro...iPageUsesTemplate
abstract
  • Once executed, the worm copies itself as:%Windir%\svchost.exe The worm creates the following registry entry so that it is executed every time Windows starts:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"svchost" = "%Windir%\svchost.exe" The worm then creates the following registry subkey and value:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\System7154\"GL" = "[DATE]" The worm opens a back door on the compromised computer on TCP port 7154. The worm displays a dialog box with one of the following texts: * "System Failure #7154" * "I'm not a puppet. I am a grenade" * "You has been infected with System.7154N" The worm spreads by sending a copy of itself as an attachment to email addresses gathered from the compromised computer. The email has the following characteristics: "No me olvido de ti" "te pongo adjunto u screen saver espero que te guste a mi me parecio cuando menos interesante saludos!!!!!!" screen.zip The zip file attachment contains one of the following file names: * Best_pictures1992.exe * Fidel Castro.exe * Shakira_comico.exe * VIH.exe * administracion de redes.exe * amor.exe * base de datos.exe * bola magica.exe * calientitas.exe * carta de amor.exe * chistes.exe * conversador.exe * encuesta.exe * famosas.exe * fucker_bromas.exe * hacking en espanol.exe * mide tu inteligencia.exe * mujeres.exe * muy gordas.exe * penetracion segura.exe * querida lisa.exe * revelacion.exe * sexo seguro.exe * te quiero decir....exe * te quiero.exe * test.exe * tu futuro.exe * vahinas.exe * zodiaco.exe * zoofilia.exe The worm closes windows with the following titles: * Windows security alert * Alerta de seguridad de windows It scans the compromised computer and infects any .exe files it finds except those found in the following folders: * %Windir% * %ProgramFiles%
Alternative Linked Data Views: ODE     Raw Data in: CXML | CSV | RDF ( N-Triples N3/Turtle JSON XML ) | OData ( Atom JSON ) | Microdata ( JSON HTML) | JSON-LD    About   
This material is Open Knowledge   W3C Semantic Web Technology [RDF Data] Valid XHTML + RDFa
OpenLink Virtuoso version 07.20.3217, on Linux (x86_64-pc-linux-gnu), Standard Edition
Data on this page belongs to its respective rights holders.
Virtuoso Faceted Browser Copyright © 2009-2012 OpenLink Software